In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, March 23, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 26 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
42059

Talos's rule release:

Talos has added and modified multiple rules in the file-flash,
malware-cnc, malware-other, os-windows, policy-other, protocol-scada,
server-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, March 21, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 33 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

Talos would like to thank the following individuals for their contributions, their rules are included in the Community Ruleset:

Yaser Mansour
42019
42021

Talos's rule release:

Talos has added and modified multiple rules in the blacklist,
browser-ie, exploit-kit, file-flash, indicator-obfuscation, malware-cnc
and server-webapp rule sets to provide coverage for emerging threats
from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41575 through 41576, 41585 through 41590, and 41625
through 41626.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41954
through 41957.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41553 through 41554, 41557 through 41562, 41573
through 41574, 41583 through 41584, 41593 through 41594, 41605 through
41606, and 41625 through 41626.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41936
through 41939, 41942 through 41945, 41948 through 41953, 41958 through
41959, 41968 through 41969, and 41987 through 41988.

Microsoft Security Bulletin MS17-009:
A coding deficiency exists in Microsoft Windows PDF Library that may
lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41601 through 41602.

Microsoft Security Bulletin MS17-010:
A coding deficiency exists in Microsoft Windows SMB Server that may
lead to remote code execution.

Rules to detect attacks targeting these vulnerabilities are included in
this release and are identified with GID 1, SIDs 41978 and 41983
through 41984.

Microsoft Security Bulletin MS17-011:
A coding deficiency exists in Microsoft Uniscribe that may lead to
remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41597 through 41598.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41934
through 41935, 41940 through 41941, 41960 through 41961, 41966 through
41967, 41972 through 41975, 41985 through 41986, and 41991 through
41992.

Microsoft Security Bulletin MS17-012:
A coding deficiency exists in Microsoft Windows that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41563 through 41564 and 41567 through 41572.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41989
through 41990.

Microsoft Security Bulletin MS17-013:
A coding deficiency exists in Microsoft Graphics Component that may
lead to remote code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41591 through 41592.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41932
through 41933, 41946 through 41947, 41970 through 41971, and 41993
through 41994.

Microsoft Security Bulletin MS17-014:
A coding deficiency exists in Microsoft Office that may lead to remote
code execution.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41565 through 41566, 41577 through 41578, 41581
through 41582, 41597 through 41598, and 41797 through 41798.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41962
through 41965, 41976 through 41977, and 41979 through 41982.

Microsoft Security Bulletin MS17-017:
A coding deficiency exists in Microsoft Windows Kernel that may lead to
an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40394 through 40395 and 41607 through 41610.

Microsoft Security Bulletin MS17-018:
A coding deficiency exists in Microsoft Windows Kernel-Mode Drivers
that may lead to an escalation of privilege.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41579 through 41580.

New rules to detect attacks targeting these vulnerabilities are also
included in this release and are identified with GID 1, SIDs 41926
through 41931 and 41995 through 41998.

Microsoft Security Bulletin MS17-021:
A coding deficiency exists in Microsoft DirectShow that may lead to
information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 41633 through 41634.

Microsoft Security Bulletin MS17-022:
A coding deficiency exists in Microsoft XML Core Services that may lead
to information disclosure.

Previously released rules will detect attacks targeting these
vulnerabilities and have been updated with the appropriate reference
information. They are also included in this release and are identified
with GID 1, SIDs 40364 through 40365.

Talos also has added and modified multiple rules in the browser-ie,
file-executable, file-flash, file-image, file-office, file-other,
file-pdf, os-other, os-windows and server-samba rule sets to provide
coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

These rules are available in our Subscriber ruleset, and can be purchased through Snort.org with a credit card.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
policy-other and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

We welcome the introduction of the newest rule release from Talos. In this release we introduced 70 new rules and made modifications to 46 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
browser-webkit, exploit-kit, file-other, os-linux, policy-other,
protocol-dns and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Tuesday, March 7, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 22 new rules and made modifications to 4 additional rules.

There were no changes made to the snort.conf in this release.

These rules are available in our Subscriber ruleset, and can be purchased through Snort.org with a credit card.

Talos's rule release:

Talos has added and modified multiple rules in the browser-plugins,
file-office, indicator-obfuscation, policy-other, server-apache and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

We welcome the introduction of the newest rule release from Talos. In this release we introduced 27 new rules and made modifications to 7 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
browser-plugins, exploit-kit, file-image, file-other, indicator-scan,
os-windows, policy-other and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

Thursday, March 2, 2017

We welcome the introduction of the newest rule release from Talos. In this release we introduced 19 new rules and made modifications to 11 additional rules.

Talos's rule release:

Talos has added and modified multiple rules in the blacklist,
browser-ie, exploit-kit, file-pdf, indicator-compromise, malware-cnc,
malware-tools, protocol-scada and server-webapp rule sets to provide
coverage for emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!

The fourth alpha release of Snort++ is now available on snort.org. If you haven't tried Snort++ yet, now is a good time to do so as this pig sports a superset of Snort 2.9.8.3 functionality:

Support for multiple packet processing threads

Improved throughput and latency performance

Improved detection

Modular design

Plugin framework with over 200 plugins

More scalable memory profile

A brand new HTTP inspector

Service rules like alert http

Rule "sticky" buffers

LuaJIT configuration, loggers, and rule options

Auto-detect common services for portless configuration

Rewritten TCP handling

New rule parser and syntax

New performance monitor

New time and space profiling

New latency monitoring and enforcement

Automake or Cmake - your choice

Builtin help and generated reference documentation

The
first beta release is expected around midyear at which point Talos will provide 3.0
rule downloads. In the meantime, you can use the
snort2lua utility packaged with Snort++ to convert 2.X rules and confs.

There are lots of enhancements and new features planned for Snort++, some of which are already in development. As always, new
downloads are posted to snort.org monthly. You can also get the latest updates from github (snortadmin/snort3) which is updated weekly.

Please submit bugs, questions, and feedback to bugs@snort.org or the Snort-Users mailing list.

We welcome the introduction of the newest rule release from Talos. In this release we introduced 28 new rules and made modifications to 3 additional rules.

There were no changes made to the snort.conf in this release.

Talos's rule release:

Talos has added and modified multiple rules in the browser-ie,
file-multimedia, file-office, indicator-compromise, policy-other,
protocol-scada and server-webapp rule sets to provide coverage for
emerging threats from these technologies.

In order to subscribe now to Talos's newest rule detection functionality, you can subscribe for as low as $29 US dollars a year for personal users, be sure and see our business pricing as well at https://snort.org/products#rule_subscriptions. Make sure and stay up to date to catch the most emerging threats!